8 Ways to Avoid an Audit from the Business Software Alliance

The fear of a Business Software Alliance (BSA)audit has caused many a sleepless night among senior executives and IT professionals over the past two decades. This enforcement arm of dozens of high-profile software vendors is known for its aggressive tactics and for extracting hundreds of thousands of dollars from businesses who either use software illegally or who are unable to prove they purchased it legally.

Experts believe that one of the best ways to fight the BSA is to avoid the fight in the first place.

“The way to save money is looking at not getting caught in a situation where you have an audit,” said Rob Scott, a lawyer who specializes in BSA defense as a partner of Houston-based Scott and Scott. “It is implementing a proactive program that is appropriate for your size company that will help you avoid these issues going forward. Because it is a lot cheaper to do it as an internal project with the guidance of a consultant or a law firm than it is to respond to an adversarial process like a self audit”

Don’t think it can happen to your company? Take a look at 12 companies who were fined by the BSA in 2007.

The following tips offer advice on how to prevent future hassle at the hands of the BSA by acting proactively. Most of them revolve around software asset management (SAM), a process which is industry best practice to implement not only to prove license entitlements for compliance, but also to prevent overbuying, allow for better volume licensing negotiation and to improve operational efficiencies.

“When you look at SAM, there is no reason or excuse not to do it. It is like weeding your garden or cleaning out your garage,” said Laura DiDio, analyst for Yankee Group. “It’s a housekeeping chore.”

1. Save your receipts.Many of the businesses that the BSA tags are not necessarily blatant pirates, but instead just suffer from a case of sloppy record keeping. It might be so simple it sounds silly, but the best way to take the sting away from a BSA inquiry is to retain your receipts.

“My biggest piece of advice is to keep your receipts,” said Steve Helland, a partner at the Minneapolis-based law firm of Fredrikson and Byron who specializes in BSA defense. “It sounds overly simplified and it might not be quite that easy to do, but it really isn’t a whole lot more complicated than that on the front end.”

Jewel cases and certificates of authenticity might help prove purchases in a court trial, but the BSA asks for evidence of ownership and proof of purchase that is dated. Most BSA cases will never go to court because the BSA banks on the fact that it will cost an organization more to go through the litigation process than to settle outright. So it really doesn’t matter what a judge will say, organizations must play by the BSA’s rules. Besides, saving receipts is the bedrock of a solid asset management program. Having that paper trail is necessary for more than just protecting an organization from the BSA’s attack team.

“You need to prove what it assets you own for many reasons beyond just audit risk,” Scott said. “If you ever want to sell your business these records are going to be required, plus there’s all kinds of potential tax issues involved, so you have got to keep these documents anyway. The way to get ahead of this is to implement the technology and the processes that are appropriate.

2. Make compliance a by-product of software asset management.
While saving receipts is certainly one aspect to SAM, it isn’t the only element. According to Juan Fernando Rivera of Microsoft, a mature software asset program should be able to track software assets throughout their lifecycle, match them to licenses, and estimate needs for future upgrades and purchases. By fully implementing SAM in this way you’ll convert your energy from simple compliance efforts into practices that drive value to the business.

“A lot of people still think that software asset management is just about compliance, it’s not,” said Rivera, who is Microsoft’s director of software asset management and the Genuine Software Initiative for the US. “Compliance is a byproduct of software asset management. There is a whole array of benefits that software asset management provides to a customer when implemented properly.”

For example, when it comes time to negotiate volume licensing agreements, most companies are going to be in a better position to bargain with their vendor if their records are well-organized. When vendors see solid SAM in place, they are less likely to question a customer’s inventory estimates.

“Another benefit of software asset management is better budget control,” Rivera said. “If you understand what you need and what you have, you’re going to make smarter investment decisions. You are not going to be buying software that you cannot deploy because the hardware’s not ready and you are not going to buy software that you don’t really need.”

On top of that, your operations will also reap the benefits of SAM.

“When you have software management in place, chances are you are going to move to more standardized desktop implementation and that is going to minimize the cost of helpdesk significantly,” Rivera said.

DiDio of Yankee Group agrees that compliance is just a small part of the value of SAM. “It is also very good for security purposes. If you don’t have SAM and you’ve got outdated versions of software on there, they might need to be patched you wouldn’t even know,” she said. “You are helping yourself in a lot of ways by implementing it.”

Page 2: Use free tools